Evaluation of TFTP DDoS amplification attack. Issue 57 (March 2016)
- Record Type:
- Journal Article
- Title:
- Evaluation of TFTP DDoS amplification attack. Issue 57 (March 2016)
- Main Title:
- Evaluation of TFTP DDoS amplification attack
- Authors:
- Sieklik, Boris
Macfarlane, Richard
Buchanan, William J.
- Abstract:
- Web threats are becoming a major issue for both governments and companies. Generally, web threats increased as much as 600% during last year (WebSense, 2013). This appears to be a significant issue, since many major businesses seem to provide these services. Denial of Service (DoS) attacks are one of the most significant web threats and generally their aim is to waste the resources of the target machine (Mirkovic & Reiher, 2004). Distributed Denial of Service (DDoS) attacks are typically executed from many sources and can result in large traffic flows. During last year 11% of DDoS attacks were over 60 Gbps (Prolexic, 2013a). The DDoS attacks are usually performed from large botnets, which are networks of remotely controlled computers. There is an increasing effort by governments and companies to shut down the botnets (Dittrich, 2012), which has led the attackers to look for alternative DDoS attack methods. One of the techniques to which attackers are returning is DDoS amplification attacks. Amplification attacks use intermediate devices called amplifiers in order to amplify the attacker's traffic. This work outlines an evaluation tool and evaluates an amplification attack based on the Trivial File Transfer Protocol (TFTP). This attack could have an amplification factor of approximately 60, which rates highly alongside other researched amplification attacks. This could be a substantial issue globally, due to the fact this protocol is used in approximately 599,600 publicly open TFTP servers. Mitigation methods to this threat have also been considered and a variety of countermeasures are proposed. Effects of this attack on both amplifier and target were analysed based on the proposed metrics. While it has been reported that the breaching of TFTP would be possible (Schultz, 2013), this paper provides a complete methodology for the setup of the attack, and its verification.
- Is Part Of:
- Computers & security. Issue 57(2016)
- Journal:
- Computers & security
- Issue:
- Issue 57(2016)
- Issue Display:
- Volume 57, Issue 57 (2016)
- Year:
- 2016
- Volume:
- 57
- Issue:
- 57
- Issue Sort Value:
- 2016-0057-0057-0000
- Page Start:
- 67
- Page End:
- 92
- Publication Date:
- 2016-03
- Subjects:
- DDoS -- Amplification attack -- DoS -- Network flood -- DDoS evaluation
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2015.09.006
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 2711.xml